Git Hooks

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Overview

A Git hook is a program executed before a user commits code to a repository or pushes code to a remote location. A Git hook is generally used to run verifications and enforce requirements on the code before it is pushed to the remote branch.

Datadog Code Analysis provides a Git hook to check for static analysis violations or secrets before code is pushed or committed. The Datadog Code Analysis Git hook checks the code from the latest commit and the default branch and surfaces any errors it detects.

The Datadog Git hook warns developers before they push any code containing coding errors, vulnerabilities, or secrets. When you commit code with an error, a prompt like the following appears in the user terminal:

Datadog Git Hook detecting vulnerabilities

Setup

Download the datadog-git-hook program from the release page or the Datadog Static Analyzer releases.
Install the program on your computer.
Add a .git/hooks/pre-push file in the repository with the script below. Note: The script assumes the datadog-static-analyzer-git-hook binary is in /usr/local/bin/datadog-static-analyzer-git-hook.

#!/bin/sh

# Get the repo root path
repo_path=$(git rev-parse --show-toplevel)

# Make sure the user can provide some input
exec < /dev/tty

/usr/local/bin/datadog-static-analyzer-git-hook -r $repo_path --static-analysis --secrets --confirmation --default-branch <default-branch>

if [ $? -eq 0 ]; then
    echo "datadog-static-analyzer check passed"
    exit 0
else
    echo "datadog-static-analyzer check failed"
    exit 1
fi